* Closes#16681: Introduce render_config permission for configuration rendering
Add a new custom permission action `render_config` for rendering device and
virtual machine configurations via the REST API. This allows users to render
configurations without requiring the `add` permission.
Changes:
- Add permission check to RenderConfigMixin.render_config() for devices and VMs
- Update API tests to use render_config permission instead of add
- Add tests verifying permission enforcement (403 without render_config)
- Document new permission requirement in configuration-rendering.md
Note: Currently requires both render_config AND add permissions due to the
automatic POST='add' filter in BaseViewSet.initial(). Removing the add
requirement will be addressed in a follow-up commit.
* Correct permission denied message and enable translation
* Remove add permission requirement for render_config endpoint
Remove the add permission requirement from the render-config API endpoint
while maintaining token write_enabled enforcement as specified in #16681.
Changes:
- Add TokenWritePermission class to check token write ability without requiring
specific model permissions
- Override get_permissions() in RenderConfigMixin to use TokenWritePermission
instead of TokenPermissions for render_config action
- Replace queryset restriction: use render_config instead of add
- Remove add permissions from tests - render_config permission now sufficient
- Update tests to expect 404 when permission denied (NetBox standard pattern)
Per #16681: 'requirement for write permission makes sense for API calls
(because we're accepting and processing arbitrary user data), the specific
permission for creating devices does not'
* Add render_config permission to ConfigTemplate render endpoint
Extend render_config permission requirement to the ConfigTemplate render
endpoint per issue comments.
Changes:
- Add TokenWritePermission check via get_permissions() override in
ConfigTemplateViewSet
- Restrict queryset to render_config permission in render() method
- Add explicit render_config permission check
- Add tests for ConfigTemplate.render() with and without permission
- Update documentation to include ConfigTemplate endpoint
* Address PR feedback on render_config permissions
Remove redundant permission checks, add view permission enforcement via
chained restrict() calls, and rename ConfigTemplate permission action
from render_config to render for consistency.
* Address second round of PR feedback on render_config permissions
- Remove ConfigTemplate view permission check from render_config endpoint
- Add sanity check to TokenWritePermission for non-token auth
- Use named URL patterns instead of string concatenation in tests
- Remove extras.view_configtemplate from test permissions
- Add token write_enabled enforcement tests for all render endpoints
* Misc cleanup
---------
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
* Add message field to ObjectChange model
* Set max length on changelog message
* Enable changelog messages for single object operations
* Fix tests
* Add changelog message support for bulk edit & bulk delete
* Cosmetic improvements to form fields
* Fix bulk operation templates
* Add message support for bulk import/update
* Add REST API support for changelog messages (WIP)
* Fix changelog_message assignment
* Enable changelog message support for bulk deletions
* Add documentation
* Fix changelog message support for VirtualChassis
* Add ChangeLoggingMixin to necesssary model forms
* Introduce get_random_string() utility function for tests
* Incorporate changelog messages for object view tests
* Incorporate changelog messages for object bulk view tests
* Add missing mixins for changelog message support
* Tweak test to generate expected number of change records
* Finish adding tests for changelog message functionality
* Misc cleanup
* Fixes#19956: Prevent duplicate deletion records from cascading deletions
* Tweak bulk deletion test to work around cascading deletions issue
* Correct API URL
* Closes: #18588: Relabel Service model to Application Service
Updates the `verbose_name` of the `Service` and `ServiceTemplate` models to "Application Service" and
"Application Service Template" respectively. This serves as the foundational change for relabeling
the model throughout the user interface to reduce ambiguity.
To preserve backward compatibility for the REST and GraphQL APIs, the test suites have been updated
to assert the stability of the original field and parameter names. This includes:
* Using `filter_name_map` in the filterset test case to ensure API query parameters remain
`service` and `service_id`.
* Employing the GraphQL test suite's aliasing mechanism to ensure the public schema remains
unchanged despite the underlying `verbose_name` modification.
Subsequent commits will address UI-specific labels in navigation, tables, forms, and templates.
* Rename to Application Services/Application Service Templates in nav menu
* Rename ~service to ~'Application Service' in templates
This was done for both the Service model and Service Template model
appearances in templates where the word was hardcoded.
* Change ~service to ~'application service' hardcoded strings in Python files
* Update ~service to ~'application service' in docs
Occurrences of the old term have been replaced by the new term. However,
the documentation still needs some work to reflect the new Entra ID
screenshots and terminology.
* 12826 add RackType
* 12826 add forms, filters, tables
* 12826 add to menu
* 12826 remove role
* 12826 add api/serializers
* 12826 add tests and fixes
* 12826 fix tests
* 12826 fix tests
* 12826 fix tests
* 12826 fix tests
* 12826 add device_type to device and instantiation
* 12826 test device creation
* 12826 add slug
* 12826 fix tests
* 12826 fix slug field
* 12826 prevent modification of rack fields if rack_type set
* 12826 update rack fields on rack_type edit
* Misc cleanup
* Update model docs
* Add manufacturer field to RackType
* Add test for mounting_depth
* Rename 'type' to 'form_factor'
* Create base classes for Rack & RackType models, serializers
* Hide RackType-defined fields on RackForm when a rack type is set
* Establish a base filter form for Rack & RackType
* Clean up RackType attr inheritance
* Clean up templates
---------
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
- Introduces a new `vpn` app with the following models:
- Tunnel
- TunnelTermination
- IKEProposal
- IKEPolicy
- IPSecProposal
- IPSecPolicy
- IPSecProfile
* WIP
* Add config_template field to Device
* Pre-fetch referenced templates
* Correct up_to_date callable
* Add config_template FK to Device
* Update & merge migrations
* Add config_template FK to Platform
* Add tagging support for ConfigTemplate
* Catch exceptions when rendering device templates in UI
* Refactor ConfigTemplate.render()
* Add support for returning plain text content
* Add ConfigTemplate model documentation
* Add feature documentation for config rendering
